]>
Commit | Line | Data |
---|---|---|
5e993f12 | 1 | From 14c7476b1cc961931e587aecae832f0c6e3edba1 Mon Sep 17 00:00:00 2001 |
2 | From: Mike Frysinger <vapier@gentoo.org> | |
3 | Date: Thu, 2 Oct 2008 01:47:55 -0400 | |
4 | Subject: [PATCH] cfi_flash: do not reset flash when probe fails | |
5 | ||
6 | The CFI flash driver starts at flash_init() which calls down into | |
7 | flash_get_size(). This starts by calling flash_detect_cfi(). If said | |
8 | function fails, flash_get_size() finishes by attempting to reset the | |
9 | flash. Unfortunately, it does this with an info->portwidth set to 0x10 | |
10 | which filters down into flash_make_cmd() and that happily smashes the | |
11 | stack by sticking info->portwidth bytes into a cfiword_t variable that | |
12 | lives on the stack. On a 64bit system you probably won't notice, but | |
13 | killing the last 8 bytes on a 32bit system usually leads to a corrupt | |
14 | return address. Which is what happens on a Blackfin system. | |
15 | ||
16 | Signed-off-by: Mike Frysinger <vapier@gentoo.org> | |
17 | --- | |
18 | drivers/mtd/cfi_flash.c | 3 ++- | |
19 | 1 files changed, 2 insertions(+), 1 deletions(-) | |
20 | ||
21 | diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c | |
22 | index 0d1ee8a..72d063a 100644 | |
23 | --- a/drivers/mtd/cfi_flash.c | |
24 | +++ b/drivers/mtd/cfi_flash.c | |
25 | @@ -1932,9 +1932,10 @@ ulong flash_get_size (ulong base, int banknum) | |
26 | /* XXX - Need to test on x8/x16 in parallel. */ | |
27 | info->portwidth >>= 1; | |
28 | } | |
29 | + | |
30 | + flash_write_cmd (info, 0, 0, info->cmd_reset); | |
31 | } | |
32 | ||
33 | - flash_write_cmd (info, 0, 0, info->cmd_reset); | |
34 | return (info->size); | |
35 | } | |
36 | ||
37 | -- | |
38 | 1.6.0.2 | |
39 |